Isaca CGEIT Certified in the Governance of Enterprise IT Exam Exam Practice Test

agree to reduce charge rates and improve relationship management with the business.

look into outsourcing of support functions to drive down the cost structure.

ask the chief financial officer (CFO) about budget revisions for the business units' IT expenditures.

quantify consumption and service level agreement (SLA) achievements per business unit.

risk management committee to identify IT-related risks.

risk management framework.

balanced scorecard that includes IT risks.

risk management reporting tool to ensure compliance.

audit findings.

user access approval procedures.

the impact to security.

a risk and benefit evaluation.

Legal and regulatory requirements

Approved IT investment opportunities

Objectives and responsibilities

Need for enterprise architecture (EA)

An enterprise risk mitigation strategy

Leading and lagging risk indicators

IT performance metrics and standards

Enterprise definitions for risk impact and probability

Establishing key performance indicators {KPIs)

Requiring Internal IT architecture and design reviews

Requiring architecture and design reviews with business process stakeholders

Issuing a management mandate that IT and business process stakeholders work together

the technical feasibility of the investment.

the business and technical scope of the investment •

whether the investment supports corporate goals

whether the investment aligns with the enterprise architecture (EA).

Demonstrating the effectiveness of IT risk policies

Assessing the current IT controls model

Enabling comparison against similar IT KRIs

Increasing the probability of achieving IT goals

Process optimization is embedded across the organization.

Required outcomes are mapped to business objectives.

Process performance is measured in business terms.

Required outcomes are more frequently achieved.

The information steward manages the systems that process the relevant data.

The information steward has expertise in managing data quality systems.

The information steward is closely aligned with the business function.

The information steward is part of the information architecture group.

When issuing requests for proposals (RFPs)

After an assessment of the current information architecture .

When developing service level agreements (SLAs)

During the initial vendor selection process

IT strategy supports continuous improvement initiatives

Metrics are established for IT performance.

Rate of return for projects is achieved.

IT services enable business strategy.

Include data assets in the IT inventory.

Identify data owners across the enterprise.

Require enterprise risk assessments.

Implement enterprise data governance.

Allocate budget to hire more software and quality assurance specialists

Implement a software development life cycle (SDLC) framework.

Mandate more robust software testing prior to release.

Require a root cause analysis and review results.

A mandate for periodic employee training on how to classify corporate data files

A mandate for the encryption of all corporate data files at rest that contain sensitive data

A process for blocking access to cloud-based apps if inappropriate content is discovered

A requirement to scan approved cloud-based apps for inappropriate content

impact to the enterprise.

criticality of IT services affected.

number of IT systems affected.

funds required for remediation.

assess existing process resource capacities.

define accountability based on roles and responsibilities.

apply effective quality management practices.

require third-party independent reviews.

Process framework

Service delivery process model

Objectives and metrics

IT process assessment

Defined service level agreements (SLAs)

Project portfolio dashboards

Key performance indicators (KPIs)

IT user survey results

Complete inventory of enterprise data

Implementation of a breach notification process

Accurate classification of enterprise data

Robust enterprise policy related to data retention

Key performance indicators (KPIs)

Service portfolio management

Vendor status reports

Operational cost reduction reports

Build a governance framework for identifying non-standard processes.

Request funding from the CEO to hire ERP consultants.

Ask the CEO to be the sponsor of the program

Engage a reluctant business unit to conduct a proof-of-concept pilot.

Monitor service level performance.

Document strengths, weaknesses, opportunities, and threats.

Document policy requirements

Identify key performance indicators (KPIs).

Ask business stakeholders to discuss their vision for the new strategy.

Cancel projects with a net present value (NPV) below a defined threshold.

Conduct a risk assessment against the potential new services.

Start re-allocating budget to projects involving mobile or cloud.

Use a balanced scorecard to measure IT outcomes.

Analyze emerging technology products and related training needs.

Procure appropriate resources to support emerging technology

Assess the impact on the existing IT strategy

Return on investment (ROI)

Resource requirements.

Service level agreements (SLAs)

Economies of scale

Calculating the cost of the current solution

Updating the business risk profile

Changing the IT steering committee charter

Revising the business's balanced scorecard

Identify business risk appetite and tolerance levels.

Quantify the risk impact and evaluate possible countermeasures.

Limit the personal data available to the high-risk countries.

Mandate the strengthening of user access controls.

Requiring the enterprise architecture (EA) be updated

Validating that the balanced scorecard is still meaningful

Ensuring IT will operate at a lower cost than the vendor

Ensuring a change management plan is in place

implement knowledge management practices

Establish a mentoring program for IT staff

Determine key risk indicators (KRIs)

Retain key staff as consultants.

Risk management framework

Possible investment failures

Value obtained with minimum risk

Risk appetite of the enterprise

increase transparency of value to the enterprise

assist top management in approving IT projects

improve value of successful IT projects

optimize value to the enterprise.

Review help desk logs.

Confirm user acceptance testing (UAT) was completed.

Request a gap analysis.

Institute a new software training program

Extract training requirements from deficiencies reported in customer service satisfaction surveys.

Ask managers to determine IT training requirements annually.

Determine training needs based on the capabilities to support the IT strategy.

Survey employees for IT skills requirements based upon technology trends.

information technology risk.

framework development cost.

information technology strategy.

stakeholders' support.

Balanced scorecard

Key risk indicators (KRIs)

Maturity model

Key performance indicators (KPIs)

capture source information and supporting evidence.

improve business process controls.

review information event logs tor potential incidents.

review retention requirements for source information.

Balanced scorecard

Capability maturity levels

Performance indicators

Critical success factors (CSFs)

CIO

Internal audit director

Application users

The board of directors

Develop key performance indicators (KPIs) to measure enterprise adoption.

Integrate data encryption requirements into existing and planned projects.

Assign owners for data governance initiatives.

Mandate the creation of a data governance framework.

Establishment of an IT steering committee

Standards-based reference architecture and design specifications

Establishment of standard vendor and technology designations

Design of policies and procedures

Require development of key risk indicators (KRls).

Develop a policy to address ransomware.

Request a targeted risk assessment.

Back up corporate data to a secure location.

Engage a team to perform a business impact analysis (BIA).

Require the development of a risk management plan.

Determine resource requirements for program implementation.

Require the development of a program roadmap.

Practical and enforceable policies

Automated compliance tracking

Comprehensive and timely audit reviews

Periodic peer reviews

Review the enterprise data architecture.

Establish a data quality plan

Consult the quality assurance (QA) function.

Acquire data migration tools.

Review the resource utilisation matrix.

Recruit IT resources based on the expansion decision.

Embed IT personnel in the business units.

Update the IT strategic plan to align with the decision.

mandating board-approved enterprise risk management (ERM) modifications.

requiring the establishment of an enterprise risk management (ERM) framework.

requiring the establishment of an enterprise-wide program management office.

ensuring the cost-effectiveness of the internal control system.

Recommending mobile applications that will increase business productivity

Training employees on the enterprise's chosen mobile device management system

Educating employees on the increased IT security risk to the enterprise

Understanding knowledge gaps of IT employees to support different mobile platforms

Communicate the new IT objectives during a staff meeting.

Define individual performance measures related to the IT objectives.

Establish IT management's performance measures based on the IT objectives.

Update the IT balanced scorecard to align with the new IT objectives.

Users should be provided with clear instructions that are easy to follow and understand.

The data classification tools integrate with other tools that help manage the data.

The classification scheme should be closely aligned with the IT strategic plan.

Senior management should be properly trained in monitoring compliance.

The number of help desk calls

A balanced scorecard

A survey of IT staff

IT cost reduction

reviewing current goals-based performance appraisals across the enterprise.

ranking employees across the enterprise based on their compensation.

ranking employees across the enterprise based on length of service.

retaining capable staff exclusively from the local market.

Risk appetite

Internal framework assessment

Competitor analysis

Critical success factors (CSF)

determine if the IT staff can support the emerging technologies.

understand how the emerging technologies will influence risk across the enterprise.

require a capacity plan and framework review for the emerging technologies,

require a review of the enterprise risk management framework.

Establish a change management process.

Obtain top management support and ownership.

Ensure compliance with corporate policy.

Benchmark against best practices.

Risk policy

Risk framework

Risk heat map

Risk register

trust among internal and external stakeholders.

employees act more responsibly.

corporate social responsibility.

legal and regulatory compliance.

Remove applications that are not aligned with the information architecture.

Review the information classification and retention policies

Review the information architecture.

Assess current information ownership.

monitor whether the chosen strategy is successful

visualize how the strategy will be achieved.

demonstrate commitment to IT governance.

clarify the cause-and-effect relationship of the strategy.

Recommend delaying the business change.

Implement IT changes to align with the plan.

Report the risk to executive management

Plan for the corresponding IT reorganization.

Map the IT objectives to an industry-accepted framework.

Enhance the budget for training based on the IT objectives.

Include the IT objectives in staff performance plans.

Include CIO sign-off of the objectives as part of the IT strategic plan.